|
Nick, your article is great. However, it's just not answering my specific question.
Thank you very much.
|
|
|
|
|
Do you need VS.NET 2003 to develop WINCE apps? I can't seem to find a download for the initial VS.NET release.
Thanks in advance.
|
|
|
|
|
No, you don't need VS.NET 2003. The Compact Framework was released along with VS.NET 2003 as merely a big marketing ploy. It was actually ready sometime before that from what I've heard. The beta works with VS.NET 2002 and the release works with VS.NET 2003. But, you don't need either of these IDEs to write applications for WinCE devices. The Compact Framework is downloadable separately and can be installed on the devices. You can install the .NET Framework 1.1 SDK and write applications without the IDE (good test of if you know the framework or just the IDE). The apps can be installed on the devices using tools in the WinCE 3.0 and 4.0 SDKs, and you can also build the CAB files manually using tools that are available in the Platform SDK (some tools installed by default along with VS.NET - including cabarc.exe).
IDEs are really only for RAD and are helpful, but never necessary.
Reminiscent of my younger years...
10 LOAD "SCISSORS"
20 RUN
|
|
|
|
|
does the .NET Speech SDK support parts of speech tagging?
if so what classes?
Thanks
Later, JoeSox www.humanaiproject.org
"Dream as if you'll live forever; live as if you'll die tomorrow."
- James Dean(ISTP)
|
|
|
|
|
I want to give a trial version of my software. What is the best way of storing a variable to test the date of install, whether or not it was registered, and an easy registration process? If anyone has an example I can look at, I'd appreciate it. I don't want to use a file or registry setting that can be changed easily by a user.
|
|
|
|
|
One thing I did with our software was to use an XML file with the computer's SID (unique to every computer) along with a timestamp and then sign the XML with our private key (kept secure, of course). The application can verify the XML signature (uses standard WS-Signatures from the Microsoft.Web.Security assembly since the ones in the .NET class library don't work in some cases) and compare the SID stored in the file with that of the computer's. If the signature is invalid, the user changed it and the app doesn't run. If the SIDs are different the computers are different and the app doesn't run. The timestamp tells you when it was installed and you can diff from the time from this. If the user modifies it, the app doesn't run.
You could further extend this by making that file the actual license so that you don't have multiple builds of your application. When the user purchases the license, they send you a raw XML file (timestamp and computer SID) that you add a value to which signifies that they bought it, then sign the XML and email it back to them (or use some sort of online system, which wouldn't be hard to develop).
Either way, if the file is modified, it is invalid.
Now, here's the trick. It's better to use an enveloped signature (the signature is part of the XML document) because it keeps your schema valid. You also shouldn't include the public key in the signature because if your app uses the public key provided, then someone else could change the values and re-sign the XML document with their information. If your app trusts the public key included, the user just pirated your software! So, make sure your app uses its own public key stored in its code (or uses the one that is part of its manifest if you sign the XML document and your assembly with the same key pair) and you're good to go!
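The point made in the post above about not trusting a public key carried inside the license file, shown as an added C# example (not the poster's code and not taken from the article linked later in the thread). It assumes a current .NET SDK with the `System.Security.Cryptography.Xml` package; the `<license>` element names, the SID value and both key pairs are constructed for the illustration. A file re-signed with a different key that embeds its own `KeyInfo` passes the parameterless `CheckSignature()` and fails the pinned check.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;

using var vendor = RSA.Create(2048);   // stands in for the vendor's key pair
using var other = RSA.Create(2048);    // any key pair that is not the vendor's
const string sid = "S-1-5-21-1111111111-2222222222-3333333333";   // constructed sample SID
string License(string registered) => $"<license><sid>{sid}</sid><installed>2004-01-15</installed><registered>{registered}</registered></license>";
var genuine = Sign(License("false"), vendor, embedKey: false);
var resigned = Sign(License("true"), other, embedKey: true);
Console.WriteLine($"genuine, pinned key:        {VerifyPinned(genuine, vendor, sid)}");
Console.WriteLine($"re-signed, embedded key:    {VerifyWithEmbeddedKey(resigned)}");
Console.WriteLine($"re-signed, pinned key:      {VerifyPinned(resigned, vendor, sid)}");

// Enveloped signature over the whole document; embedKey adds the signer's public key as KeyInfo.
static XmlDocument Sign(string xml, RSA key, bool embedKey)
{
    var doc = new XmlDocument { PreserveWhitespace = true };
    doc.LoadXml(xml);
    var signed = new SignedXml(doc) { SigningKey = key };
    var whole = new Reference("");                       // "" refers to the entire document
    whole.AddTransform(new XmlDsigEnvelopedSignatureTransform());
    signed.AddReference(whole);
    if (embedKey) { signed.KeyInfo = new KeyInfo(); signed.KeyInfo.AddClause(new RSAKeyValue(key)); }
    signed.ComputeSignature();
    doc.DocumentElement.AppendChild(doc.ImportNode(signed.GetXml(), true));
    return doc;
}

static SignedXml Load(XmlDocument doc)
{
    var signed = new SignedXml(doc);
    signed.LoadXml((XmlElement)doc.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl)[0]);
    return signed;
}

// Weak check: CheckSignature() verifies against whatever key the file itself carries.
static bool VerifyWithEmbeddedKey(XmlDocument doc) => Load(doc).CheckSignature();

// Hardened check: pinned vendor key, a single reference covering the whole document, matching SID.
static bool VerifyPinned(XmlDocument doc, RSA vendorPublic, string machineSid)
{
    var signed = Load(doc);
    var refs = signed.SignedInfo.References;
    return refs.Count == 1 && ((Reference)refs[0]).Uri == ""
        && signed.CheckSignature(vendorPublic)
        && doc.SelectSingleNode("/license/sid")?.InnerText == machineSid;
}
```

In a shipped application only the vendor's public key would be compiled in, and `machineSid` would come from the local machine rather than a constant.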
|
|
|
|
|
Heath,
Does your application consider issues with programs that can change the SID like NewSID?
-Nick Parker
|
|
|
|
|
They would have to resubmit the license request file (basically, the unsigned XML file) and have it re-signed and reissued. This is, however, similar to current public key cryptography. If you change your key, you must redistribute it and your old public key won't work anymore with the new private key. The computer's SID 1) isn't supposed to change unless you change domains, and 2) uniquely identifies the computer, just like your private key identifies you.
Speaking of domains, if you change the domain name in ActiveDirectory, the server certificates and everything the CA has signed is invalid. In public key cryptography, uniqueness is required somewhere so that you can verify signatures (basically, the encrypted hash).
I guess one could say that no content / application protection scheme is 100% effective and versatile. This one just uses standard cryptography practices that have been proven time and time again. It still isn't the best because of problems like you pointed out, but it'll work in most cases - a large most.
Besides, think of it like Microsoft activation thingy. If you change something major, you have to reactivate and probably will end up calling Microsoft. Your customers could have the same option where they explain the situation, so you can verify their credentials (perhaps a business ID or passphrase) and re-sign the file however you see fit.
|
|
|
|
|
What about using the MAC address of the computer instead of the SID?
-Nick Parker
|
|
|
|
|
That's a possibility, but if memory serves me correctly, that can be changed, too. Besides, isn't this on the NIC and not the computer as a whole? Swapping out the NIC - which happens much, much more often than changing the computer's SID - would render the license invalid.
|
|
|
|
|
Heath Stewart wrote:
Besides, isn't this on the NIC and not the computer as a whole? Swapping out the NIC - which happens much, much more often than changing the computer's SID - would render the license invalid.
Good point, good conversation though.
-Nick Parker
|
|
|
|
|
Is it worth posting an article to cover this topic (which you seem to know a lot about)? Myself and seemingly many other CPians would be interested to read the full story.
Derek Lakin.
Try the Code Store for instant integrated access to an online repository of .NET components.
I wish I was what I thought I was when I wished I was what I am.
Salamander Software Ltd.
|
|
|
|
|
Yeah, I could probably do that. It shouldn't take too much time and I've already got the code ready. In case I don't remember to post when I finish here, just keep an eye out for it. Probably'll be about a week since I'm pretty swamped at work.
|
|
|
|
|
Great! I'll keep an eye out for it
Derek Lakin.
|
|
|
|
|
Hi, I was wondering if you ever got to write the article about this? I am very interested and it sounds exactly like what I want. Even some sample code would be great.
--Adam Turner
|
|
|
|
|
No, not yet unfortunately. I just finished moving (though not unpacking) and have a deadline at work coming up soon. I do plan on writing bits of the article within the next couple of weeks, though, so stay tuned.
-----BEGIN GEEK CODE BLOCK-----
Version: 3.21
GCS/G/MU d- s: a- C++++ UL@ P++(+++) L+(--) E--- W+++ N++ o+ K? w++++ O- M(+) V? PS-- PE Y++ PGP++ t++@ 5 X+++ R+@ tv+ b(-)>b++ DI++++ D+ G e++>+++ h---* r+++ y+++
-----END GEEK CODE BLOCK-----
|
|
|
|
|
I finally found some time to write the article: http://www.codeproject.com/dotnet/xmldsiglic.asp
I hope this helps.
|
|
|
|
|
|
Am I reading this right? A virtual machine just to manage application rights? How does it affect the program? I mean, it seems like it'd be effective, but not necessarily efficient.
|
|
|
|
|
The virtual machine thing is mostly fluff.
What they basically do is embed a piece of code within your .exe. I believe someone posted a related article on Cp about doing such things.
Then, anytime you start the .exe it checks a license key somehow and, depending on the result, starts an internet-driven activation process. This process is meant to let/force users buy the software.
|
|
|
|
|
There is a possible upcoming project at my place of employment that would require the .NET Framework to be installed onto client machines. Is there a way to push the framework to client machines from a Windows 2003 Server through an ASP.NET application?
Thanks In Advance.
Tony
|
|
|
|
|
Negative. What you could do is include a command in the user's startup script to run dotnetfx.exe from a server with the /silent switch (or something like that) and let them know to leave their desks for a few minutes.
Hawaiian shirts and shorts work too in Summer.
People assume you're either a complete nut (in which case not a worthy target) or so damn good you don't need to worry about camouflage...
-Anna-Jayne Metcalfe on Paintballing
|
|
|
|
|
Thanks!
I will look into this through SMS also.
Tony
|
|
|
|
|
Actually, the .NET framework uses a Windows Installer file (MSI) with a separate CAB. If you use ActiveDirectory or have SMS server (which I saw that you do), you can certainly push it out to machines. Just don't use AD's Computer installation method because it only advertises information in the MSI and .NET's MSI has nothing to advertise!
|
|
|
|
|
As far as I know, PInvoke just invokes a method in a new unmanaged instance. Is it possible to pass the result from the hosted object to the specific host instance that created the hosted object without a security problem?
|
|
|
|